[ubuntu/karmic] postgresql-8.3 8.3.8-1 (Accepted)

Martin Pitt martin.pitt at ubuntu.com
Wed Sep 9 18:00:14 BST 2009


postgresql-8.3 (8.3.8-1) unstable; urgency=medium

  * Urgency medium due to security fix.
  * New upstream security/bug fix release:
    - Disallow "RESET ROLE" and "RESET SESSION AUTHORIZATION" inside
      security-definer functions. This covers a case that was missed in the
      previous patch that disallowed "SET ROLE" and "SET SESSION
      AUTHORIZATION" inside security-definer functions. [CVE-2007-6600]
    - Force WAL segment switch during pg_start_backup(). This avoids corner
      cases that could render a base backup unusable.
    - Make "LOAD" of an already-loaded loadable module into a no-op.
      Formerly, "LOAD" would attempt to unload and re-load the module,
      but this is unsafe and not all that useful.
    - Disallow empty passwords during LDAP authentication.
    - Fix handling of sub-SELECTs appearing in the arguments of an
      outer-level aggregate function.
    - Fix bugs associated with fetching a whole-row value from the output
      of a Sort or Materialize plan node.
    - Prevent synchronize_seqscans from changing the results of
      scrollable and WITH HOLD cursors.
    - Revert planner change that disabled partial-index and constraint
      exclusion optimizations when there were more than 100 clauses in an
      AND or OR list.
    - Fix hash calculation for data type interval. This corrects wrong results
      for hash joins on interval values. It also changes the contents of hash
      indexes on interval columns. If you have any such indexes, you must
      "REINDEX" them after updating.
    - Treat to_char(..., 'TH') as an uppercase ordinal suffix with
      'HH'/'HH12'. It was previously handled as 'th' (lowercase).
    - Fix overflow for INTERVAL 'x ms' when "x" is more than 2 million
      and integer datetimes are in use.
    - Fix calculation of distance between a point and a line segment.
      This led to incorrect results from a number of geometric operators.
    - Fix money data type to work in locales where currency amounts have
      no fractional digits, e.g. Japan.
    - Fix LIKE for case where pattern contains %_.
    - Properly round datetime input like 00:12:57.9999999999999999999999999999.
    - Fix memory leaks in XML operations.
    - Fix poor choice of page split point in GiST R-tree operator classes.
    - Ensure that a "fast shutdown" request will forcibly terminate open
      sessions, even if a "smart shutdown" was already in progress.
    - Avoid performance degradation in bulk inserts into GIN indexes when
      the input values are (nearly) in sorted order.
    - Correctly enforce NOT NULL domain constraints in some contexts in
      PL/pgSQL.
    - Fix portability issues in plperl initialization.
    - Fix pg_ctl to not go into an infinite loop if "postgresql.conf" is
      empty.
    - Improve pg_dump's efficiency when there are many large objects.
    - Use SIGUSR1, not SIGQUIT, as the failover signal for pg_standby.
    - Make pg_standby's maxretries option behave as documented.
    - Make "contrib/hstore" throw an error when a key or value is too
      long to fit in its data structure, rather than silently truncating
      it.
    - Fix "contrib/xml2"'s xslt_process() to properly handle the maximum
      number of parameters (twenty).
    - Improve robustness of libpq's code to recover from errors during
      "COPY FROM STDIN".
  * Bump Standards-Version to 3.8.3 (no changes necessary).

Date: Sun, 06 Sep 2009 14:10:22 +0200
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Maintainer: Martin Pitt <mpitt at debian.org>
Origin: debian/unstable
https://launchpad.net/ubuntu/karmic/+source/postgresql-8.3/8.3.8-1
-------------- next part --------------
Origin: debian/unstable
Format: 1.8
Date: Sun, 06 Sep 2009 14:10:22 +0200
Source: postgresql-8.3
Binary: postgresql-8.3 postgresql-client-8.3 postgresql-server-dev-8.3 postgresql-doc-8.3 postgresql-contrib-8.3 postgresql-plperl-8.3 postgresql-plpython-8.3 postgresql-pltcl-8.3
Architecture: source
Version: 8.3.8-1
Distribution: karmic
Urgency: medium
Maintainer: Martin Pitt <mpitt at debian.org>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description: 
 postgresql-8.3 - object-relational SQL database, version 8.3 server
 postgresql-client-8.3 - front-end programs for PostgreSQL 8.3
 postgresql-contrib-8.3 - additional facilities for PostgreSQL
 postgresql-doc-8.3 - documentation for the PostgreSQL database management system
 postgresql-plperl-8.3 - PL/Perl procedural language for PostgreSQL 8.3
 postgresql-plpython-8.3 - PL/Python procedural language for PostgreSQL 8.3
 postgresql-pltcl-8.3 - PL/Tcl procedural language for PostgreSQL 8.3
 postgresql-server-dev-8.3 - development files for PostgreSQL 8.3 server-side programming

